Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS56655.roa
File:                     AS56655.roa (raw, json)
Hash identifier:          BUa21zM7mq3m+BCNgPWBiZtMZvctCbea1kLBcPnlLdE=
Subject key identifier:   86:43:8F:65:5F:2D:9C:EF:28:A9:E0:82:18:92:6D:BF:E2:3D:81:DA
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       55E15B76F9977DE98E2C5F08B393E2EFDD830F7A
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS56655.roa
Signing time:             Wed 01 Apr 2026 08:42:48 +0000
ROA not before:           Wed 01 Apr 2026 08:37:48 +0000
ROA not after:            Wed 31 Mar 2027 08:42:48 +0000
asID:                     56655
IP address blocks:        143.14.40.0/22 maxlen: 22
                          143.14.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:e1:5b:76:f9:97:7d:e9:8e:2c:5f:08:b3:93:e2:ef:dd:83:0f:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr  1 08:37:48 2026 GMT
            Not After : Mar 31 08:42:48 2027 GMT
        Subject: CN=86438F655F2D9CEF28A9E08218926DBFE23D81DA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:a4:33:11:9a:3e:a4:f1:5e:14:c0:e1:37:56:
                    cc:70:ca:55:05:90:f5:7c:ca:c7:b9:47:2a:05:c6:
                    ca:42:88:24:86:47:31:c4:2a:69:31:28:54:6d:63:
                    cb:cf:03:9f:81:0d:6b:bf:95:ca:1c:23:d7:89:29:
                    c8:a8:1b:e7:35:cc:05:39:c9:b8:3a:13:e1:f4:9c:
                    e5:57:b4:ec:36:17:9b:18:6f:15:77:af:a1:86:f5:
                    c7:2b:02:bc:77:03:f3:6b:db:e1:69:c7:3b:01:c5:
                    05:81:8f:b0:f5:f0:42:97:35:57:38:50:e1:8c:f6:
                    d6:1b:66:22:31:5d:9b:f0:4b:d7:8e:dc:78:06:77:
                    25:f6:d2:1c:4a:51:d8:e6:85:33:a9:6c:a3:94:81:
                    53:41:64:af:4b:c1:fa:92:23:93:4b:77:65:87:8d:
                    3e:c0:f1:87:76:95:45:22:b6:bd:91:29:2a:20:c2:
                    7f:bd:29:9c:d9:95:c0:a1:a9:20:c9:6f:75:5b:8b:
                    60:cf:60:4c:92:82:8e:e7:e0:38:1f:25:24:6f:eb:
                    01:1f:18:11:ea:2d:2b:82:0e:01:e5:a3:4b:19:67:
                    09:95:4b:65:fb:a8:a4:be:3a:f3:db:4f:fb:dd:14:
                    c0:15:79:36:c7:1a:66:2c:ee:60:84:9c:e2:16:b7:
                    02:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:43:8F:65:5F:2D:9C:EF:28:A9:E0:82:18:92:6D:BF:E2:3D:81:DA
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS56655.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.40.0/22
                  143.14.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:aa:0a:78:a4:13:e8:5a:a2:4e:d2:c3:18:2e:9e:4a:6e:f4:
         03:29:0c:53:48:75:bd:55:41:3b:e3:48:de:b3:04:99:5e:e7:
         09:a1:5b:e5:e6:29:16:78:45:91:1e:92:a7:33:f4:85:e7:57:
         70:82:04:63:d3:a5:30:30:1f:92:d6:70:51:be:40:68:32:de:
         60:0a:3c:b8:39:dd:c6:2d:91:01:2e:3b:6c:01:6d:f6:97:10:
         0b:0f:56:1d:08:49:7d:f5:a2:1d:cc:b7:8b:93:27:e6:1c:8f:
         c7:22:af:cb:da:10:d9:a0:7d:6c:4e:ed:92:91:1c:b2:76:29:
         21:2f:44:fc:6a:a3:9a:30:62:0e:89:e1:68:5e:e8:ca:c1:43:
         87:1a:64:14:57:89:da:b6:71:29:9c:99:6d:82:21:22:2e:e3:
         ab:eb:ed:c6:3e:02:7b:64:17:0d:f7:a4:3b:b7:ca:74:90:be:
         91:44:74:62:b1:76:a9:f1:c6:3b:a8:b2:32:66:44:f7:7d:35:
         29:2a:5e:96:50:02:65:26:ee:aa:01:48:6a:a1:84:1e:6f:46:
         a6:0d:a3:fe:29:8b:11:fc:26:88:0a:8e:79:33:88:c2:05:a8:
         50:ab:78:a8:96:2c:1e:6d:e4:03:47:e4:83:76:33:44:5f:24:
         67:8a:25:51
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUVeFbdvmXfemOLF8Is5Pi792DD3owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA0MDEwODM3NDhaFw0yNzAzMzEwODQyNDhaMDMxMTAvBgNV
BAMTKDg2NDM4RjY1NUYyRDlDRUYyOEE5RTA4MjE4OTI2REJGRTIzRDgxREEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvpDMRmj6k8V4UwOE3VsxwylUF
kPV8yse5RyoFxspCiCSGRzHEKmkxKFRtY8vPA5+BDWu/lcocI9eJKcioG+c1zAU5
ybg6E+H0nOVXtOw2F5sYbxV3r6GG9ccrArx3A/Nr2+FpxzsBxQWBj7D18EKXNVc4
UOGM9tYbZiIxXZvwS9eO3HgGdyX20hxKUdjmhTOpbKOUgVNBZK9LwfqSI5NLd2WH
jT7A8Yd2lUUitr2RKSogwn+9KZzZlcChqSDJb3Vbi2DPYEySgo7n4DgfJSRv6wEf
GBHqLSuCDgHlo0sZZwmVS2X7qKS+OvPbT/vdFMAVeTbHGmYs7mCEnOIWtwLDAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUhkOPZV8tnO8oqeCCGJJtv+I9gdowHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNTY2NTUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAKPDigD
BACPDkwwDQYJKoZIhvcNAQELBQADggEBAIeqCnikE+haok7Swxgunkpu9AMpDFNI
db1VQTvjSN6zBJle5wmhW+XmKRZ4RZEekqcz9IXnV3CCBGPTpTAwH5LWcFG+QGgy
3mAKPLg53cYtkQEuO2wBbfaXEAsPVh0ISX31oh3Mt4uTJ+Ycj8cir8vaENmgfWxO
7ZKRHLJ2KSEvRPxqo5owYg6J4Whe6MrBQ4caZBRXidq2cSmcmW2CISIu46vr7cY+
AntkFw33pDu3ynSQvpFEdGKxdqnxxjuosjJmRPd9NSkqXpZQAmUm7qoBSGqhhB5v
RqYNo/4pixH8JogKjnkziMIFqFCreKiWLB5t5ANH5IN2M0RfJGeKJVE=
-----END CERTIFICATE-----